Observations on articles I read to keep current about technology. My interests are: Privacy, security, business, the computer industry, and geeky stuff that catches my eye.

I don't think I have an agenda beyond my own amusement.

Note that I lump all my comments into a single post. This is not a typical BLOG technique; it's just an indication that I'm lazy.

Saturday, July 03, 2010

Many unusual aspects... It sounds like they are blaming the credit card processing companies – could it be another Heartland? It also looks like they have no idea what is happening, and therefore can't stop it.

A local security breach with credit and debit cards has been linked to a national company.

Lafayette Police detective B.T. Brown said the security issue affected the Camilles Sidewalk Cafe restaurants in the area. But Brown said the breach was strictly through Camilles’ parent company, Beautiful Brands International.

“They [local Camilles franchises] had no knowledge of the breach until they were contacted by their corporate office,” he said. “These people were affected from California clear across the United States to New York.”

The people affected were customers at Camilles Sidewalk Cafe restaurants, including some in Tippecanoe County. But Brown said it’s a national issue that’s out of the hands of local law enforcement.

“The information that is sent to the financial institutions is being forwarded to the Secret Service,” he said.

“We are working with Visa and Mastercard and the United States Secret Service to stop that breach and prosecute the people responsible,” said Robert Sartin, the attorney for Beautiful Brands International.

Sartin said the credit and debit card breach has likely affected fewer than 20 stores across the country. He said the issue has not been linked to any employees or owners of Camilles restaurants, or any employees at Beautiful Brands.

“We believe, based on the evidence we’ve seen so far, that computer hackers have infiltrated the credit card processing system,” Sartin said. “And we believe that we’ll be able to stop that in the future.”

Interestingly, I had been tipped that Beautiful Brands had been breached almost two months ago, but when I contacted Beautiful Brands, they never returned my phone calls, and their PR representative, despite promising to respond, never got back to me after numerous attempts and reminders. So now they are saying that they believe they’ll be able to stop the infiltration of the POS “in the future?” When exactly did they secure the system this time around? For how long was their system compromised without their knowledge?

[From the article:

Sartin said the company hopes to contain the problem nationally within a couple of weeks. He said the investigation into who's behind the crimes will be complete shortly after that happens.

… He said the security breach has affected about five local financial institutions to the scale of more than $100,000, but he hasn't seen a local debit or credit card complaint for several weeks. [So this has been going on for a LONG time! Bob]

Unidentified hackers have managed to compromise the credit card processing system at Destination Hotels & Resorts. The company, which operates a chain of hotels in the United States, claims that only credit cards that were physically swiped were affected.

Destination is headquartered in Englewood, Colorado, but runs over thirty hotels and resorts nationwide, including in popular vacation spots like Aspen, Lake Tahoe or Maui. In a press release posted on its website, the company announced that it was the victim of a credit card fraud scheme, which involved malware being installed into its point-of-sale processing system. It appears that the attackers operated remotely.

… We know we are not the first hotel company to be victimized by this kind of attack... [We just assumed we didn't need security... Bob]

Another case of “We're the school, so we know best. Parents are ignorant, so we need to show them how to 'parent.'”

Colleges are moving everything online – classes, libraries and textbooks for example. This requires them to severely limit the capabilities of their networks. Could my Ethical Hacking class find a way around the controls? Should they have to?

"The US government is making colleges and universities join in the fight against digital piracy by threatening to pull federal funding. Beginning this month, a provision of the Higher Education Opportunity Act of 2008 requires colleges to have plans to combat unauthorized distribution of copyrighted materials on their networks. Colleges that don't do enough could lose their eligibility for federal student aid. 'Their options include taking steps to limit how much bandwidth can be consumed by peer-to-peer networking, monitoring traffic, using a commercial product to reduce or block illegal file sharing or "vigorously" responding to copyright infringement notices from copyright holders.'"

"Clay Shirky looks at "cognitive surplus" -- the shared, online work we do with our spare brain cycles. While we're busy editing Wikipedia, posting to Ushahidi (and yes, making LOLcats), we're building a better, more cooperative world."

Google Video Chat is a nice alternative to Skype available to anyone using Gmail. Some folks aren't aware of how easy it is to video chat using Google Video Chat. Therefore, yesterday Google released a simple video guide and PDF guide about it.

Terming Wheatt the result of fusing together a search engine and a read-it-later app is the best way there is to introduce it to you. By installing the provided bookmarklet you will be capable of finding specific information within any page that you are reading, and the ability to tag what you have found will let you access the information more naturally later on.

That is, when you are on a page that you find interesting you just use the bookmarklet to add these tags that you think will let you find the information more succinctly afterwards. You can work with dates, domains, words… it is all taken into account.

Installing Wheatt is a mere matter of dragging and dropping the bookmarklet that is provided into your browser’s toolbar, and signing up by submitting an email address and a password. It is interesting to note that you are not required to supply a working email at all - just make sure to remember the password. That will do the trick. No fees have to be paid for using this service, and no other kind of information is ever requested.

Friday, July 02, 2010

It might be useful to collect these and put together the questions management will need to answer after a breach – and I suspect they are questions that should also be asked/answered in normal day-to-day monitoring of security.

Connecticut Attorney General Richard Blumenthal is investigating a massive security breach that allegedly compromised private financial and health information on nearly a half million WellPoint consumers, including thousands in Connecticut.

In a letter to WellPoint Inc., Blumenthal has requested detailed information about how the breach occurred, what steps have been taken to protect the affected individuals, and what new procedures have been adopted to prevent future breaches.

Blumenthal is also calling on WellPoint to provide the same protection that other companies have done after similar breaches — at least two years of credit monitoring, at least $25,000 of identity theft insurance and expenses covered to impose and later lift any security freeze on consumers’ credit reports.

[...]

Blumenthal is seeking a response by July 9. The information he is seeking includes:

the name and address of the computer company who updated the online application process in October 2009; [“We'd also like to send a letter to ______________” Bob]

What security protections, hardware or software, were present or used on the online application system prior to the upgrade;

the categories of information contained on the online system and compromised by this breach;

the process by which someone would be able to “manipulated the URL address” in order to view other individuals’ information;

Prior measures to safeguard sensitive information;

how and when WellPoint first learned about the breach;

the circumstances under which the information was accessed or viewed by anyone without authorization;

what, if any, security protocols or procedures were in effect to prevent the exposure of private information to users or applicants using the online system;

the number of individuals affected by this incident and their state of residence;

all steps taken to determine what caused the flaw in the online application system and the time period in which private information was publicly available;

how WellPoint determined that the information was accessed by fewer than 10 unidentified computers — someone other than the health insurer’s employees and affiliates;

copies of all investigative reports or audits relative to this incident;

all steps taken or that will be taken to warn all affected persons that their private information may have been compromised, and copies of any notification letters already sent;

an outline of any plan to prevent a future breach and a timeline for implementing that plan; and

… According to Sony, the recall covers certain models in the VAIO F and VAIO C series and has been issued in light of a temperature-control defect that can lead to the production of potentially dangerous levels of heat within the hardware.

Facebook appears to have added a shutterbug's [and intelligence agencies' Bob] dream feature: Face detection technology. As soon as you upload a picture, the feature realizes that there are humans in it and preselects their faces. You just add the poor souls' names.

That's really the only question that needs to be debated in the wake of Google's announcement that it plans to acquire ITA Software, the leading provider of flight information from airlines to travel Web sites, for $700 million in cash. As it stands, the deal would marry the world's leading Internet search company with a crucial link in the online flight reservation process, making life for executives at online travel sites such as Orbitz, Kayak, and Expedia a whole lot more complicated.

… So from Google's perspective, this is a user-friendly deal that will simply allow it to offer a better service. It also doesn't hurt that if Google turns into the predominant online destination for travel search, revenue from ads placed next to those search results will add to Google's already lucrative search advertising business.

But there are dozens of other sites that already offer these services by licensing ITA's software, including Google archrival Microsoft's Bing search engine and travel-oriented sites like the ones described above. So why didn't Google simply license the software as well? CEO Eric Schmidt said Google considered that, but concluded it would be unable to do the "deep integration" with search results and innovation in travel search that it desired without merging Google's technology and ITA's.

For your Computer Security manager or anyone who would like to understand what can be done to secure your computers.

IBM is making another acquisition today, buying up computer security software company BigFix. Terms of the deal were not disclosed.

BigFix security software identifies all of a company’s PCs, laptops, server and then monitors and flags IT administrators when devices are not in compliance with corporate IT security standards. BigFix’s software promises to make security fixes across at least 500,000 machines in a matter of minutes.

News release: "The Federal Communications Commission today launched the Data Innovation Initiative, the agency’s latest action to modernize and streamline how it collects, uses, and disseminates data. With this launch, the FCC continues the changes that were made as part of a comprehensive reform effort that is improving the agency’s fact-based, data-driven decision-making. To lead the Data Innovation Initiative, FCC Chairman Julius Genachowski today established a new, cross-bureau data team, led by the agency’s first-ever Chief Data Officer... The launch of the Data Innovation Initiative, the appointment of the data team, and the release of the public notices follows other data innovations recently launched at the FCC, which include improving the search on ECFS, making more information machine-readable at www.reboot.fcc.gov/data, tools that allow consumers to test the performance of their broadband connections that can be found at www.broadband.gov, an interactive Spectrum Dashboard, and collaboration with the NTIA to produce a National Broadband Map."

sciencehabit writes with an intriguing story about the potential of figuring out where people have been by examining their hair:

"That's because water molecules differ slightly in their isotope ratios depending on the minerals at their source. Researchers found that water samples from 33 cities across the United State could be reliably traced back to their origin based on their isotope ratios. And because the human body breaks down water's constituent atoms of hydrogen and oxygen to construct the proteins that make hair cells, those cells can preserve the record of a person's travels. Such information could help prosecutors place a suspect at the scene of a crime, or prove the innocence of the accused."

Or frame someone by slipping them water from every country on the terrorist watchlist.

Today we filed a complaint with the FTC and multiple state attorney generals’ offices against online data broker and aggregator Spokeo, Inc. We hope the FTC will view this complaint as an opportunity to tackle the growing issue of online — and offline — data aggregators offering unregulated consumer profiles.

The Russian ring charged this week with spying on the United States faced some of the common security problems that plague many companies -- misconfigured wireless networks, users writing passwords on slips of paper and laptop help desk issues that take months to resolve.

In addition, the alleged conspirators used a range of technologies to pass data among themselves and back to their handlers in Moscow including PC-to-PC open wireless networking and digital steganography to hide messages and retrieve them from images on Web sites.

So apparently this list isn't to ensure that extra attention is paid when these folks travel (run them through the nude image scanner, full cavity search, etc.); it's to allow discrimination based on religion? Or maybe it's based on ethnicity or national origin... Or maybe (and this is truly scary) there is “no particular reason.”

Ten U.S. citizens and residents, three of whom are veterans, are stuck abroad or cannot fly within or out of the United States because they are wrongly on a no-fly list, according to a federal lawsuit lodged Wednesday.

The Oregon federal court case claims the plaintiffs, many with Middle Eastern names who have committed no legal wrongdoing, have asked the Department of Homeland Security and Transportation Security Administration for an explanation, to no avail.

If they are US citizens pirating US films, what are ICE and Homeland Security doing there?

A week after U.S. Vice President Joe Biden warned that the government would start cracking down on illegal file sharing, the feds swooped in and seized assets belonging to operators of accused movie-pirating sites.

… Authorities are searching for operators of the sites as part of an ongoing criminal investigation, according to Virginia Kice, a spokeswoman for the U.S. Immigration and Customs Enforcement (ICE). The crimes that the operators are accused of committing weren't clear, but some of the sites are accused of distributing film copies prior to their theatrical release. [So these were foreign films? Bob]

As of 3 p.m. PDT, some of the sites were still operating, but government officials said they anticipated the sites would come under government control within hours. [I wonder how much of this is currently 'in the cloud' and how much will be driven there by these actions? Bob]

The investigation involved multiple law enforcement groups, including the U.S. District Court for the Southern District of New York and ICE, a unit of the Department of Homeland Security.

Last week, Biden and Victoria Espinel, the U.S. intellectual property enforcement coordinator, told reporters that they wanted to send a message to counterfeiters and pirates that this administration was intent on protecting the nation's intellectual property.

(Related) This could be a government attempting to control the information available to its citizens – or maybe they too have an active movie/music lobby.

There is outrage amongst sections of the online community as it is revealed that at the behest of copyright holders, a free online library has been raided by police. Chitanka carried user translated and submitted books, poems and other literature and as an “altruistic library” was thought to be legal under current legislation. Instead the site was raided and subjected to criminal procedures.

"Citing 'national security concerns,' the French Autorité de Régulation des Communications Électroniques et des Postes (ARCEP, France's equivalent of the US's FCC) has ruled that D-Star, an amateur radio digital signal mode used world-wide, is illegal because it could allow operators to connect to the Internet. The ARCEP also cites alleged concerns regarding cryptography and national security as well as the use of a proprietary codec. While it's true that the D-Star codec is proprietary, its owner has openly licensed it (for a fee, of course) to any manufacturer who wants to build it into their equipment. Any licensed amateur radio operator who lives within the EU can sign an online petition protesting this decision."

Isn't this just polite behavior that all online services should provide? Corporate Security Managers should be checking employee login locations and flagging those that fall outside normal parameters. Think of banks that fail to check the IP address of customers who move money via electronic banking systems.

When your credit card gets too much activity from random parts of the world, your bank usually shuts it off, or at least gives you a call to make sure all those charges are legit. Now, Google is implementing a similar strategy across all elements of your Google account: if the company detects what it considers to be suspicious logins for your Gmail, Google Calendar, Blogger, Buzz, or other Google accounts, it will flag your dashboard and let you decide how to proceed.
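The commentary above asks security managers to check where employees log in from and flag anything outside normal parameters. The block below is an added example, not code from the article or from Google, of what such a check looks like over an authentication log: it seeds a per-account baseline of countries from the first successful login, flags a login from a country never seen for that account, and flags "impossible travel" when two successful logins from different countries are closer together than a traveller could manage. The log format, user names, IP addresses and the IP-prefix-to-country table are all constructed for the example (a real deployment would use a GeoIP database).

```python
"""Flag logins that fall outside a user's normal pattern.

Added example, not code from the article or from Google: it implements
the kind of check the commentary describes (compare each login's location
against what is normal for that account) over a handful of constructed
log lines. The log format, the user names, the IP addresses and the
IP-to-country table below are all made up for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an authentication log: timestamp, user, source IP, result.
SAMPLE_LOG = """\
2010-07-01T08:02:11Z alice 198.51.100.7 OK
2010-07-01T09:15:40Z bob 203.0.113.22 OK
2010-07-01T17:44:03Z alice 198.51.100.9 OK
2010-07-02T08:10:27Z alice 198.51.100.7 OK
2010-07-02T08:55:02Z alice 192.0.2.200 OK
2010-07-02T10:30:00Z bob 203.0.113.22 FAIL
2010-07-02T10:31:10Z bob 203.0.113.22 OK
"""

# Constructed IP-prefix-to-country table standing in for a GeoIP lookup.
COUNTRY_BY_PREFIX = {
    "198.51.100.": "US",
    "203.0.113.": "US",
    "192.0.2.": "RO",
}

# Two successes from different countries closer than this are "impossible travel".
MAX_TRAVEL = timedelta(hours=6)


def country_of(ip):
    """Map an IP to a country using the toy prefix table ('??' if unknown)."""
    for prefix, country in COUNTRY_BY_PREFIX.items():
        if ip.startswith(prefix):
            return country
    return "??"


def parse_log(text):
    """Turn the constructed log into (time, user, ip, result) tuples, in time order."""
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return sorted(events)


def flag_logins(text, known=None):
    """Return a list of (user, time, country, reason) for suspicious successful logins.

    `known` is an optional starting baseline {user: {countries}}; for users not
    in it, the first successful login seeds that user's baseline. Two reasons
    are raised: a country never seen for that account, and a login from a
    different country than the previous success less than MAX_TRAVEL earlier.
    New countries are deliberately not added to the baseline automatically;
    that is a decision for whoever reviews the alert.
    """
    baseline = defaultdict(set, {u: set(c) for u, c in (known or {}).items()})
    last_ok = {}   # user -> (time, country) of the previous successful login
    alerts = []
    for ts, user, ip, result in parse_log(text):
        if result != "OK":
            continue   # failed attempts are handled by other rules; baseline successes only
        country = country_of(ip)
        if user not in baseline:
            baseline[user].add(country)   # first sighting seeds the baseline
        elif country not in baseline[user]:
            alerts.append((user, ts, country, "new country for this account"))
        prev = last_ok.get(user)
        if prev and prev[1] != country and ts - prev[0] < MAX_TRAVEL:
            alerts.append((user, ts, country, "impossible travel from %s" % prev[1]))
        last_ok[user] = (ts, country)
    return alerts


if __name__ == "__main__":
    for user, ts, country, reason in flag_logins(SAMPLE_LOG):
        print("%s %s from %s: %s" % (ts.isoformat(), user, country, reason))
```

On the constructed log, alice's fourth login (45 minutes after a US login, from an address that maps to RO) trips both rules; passing a pre-built baseline through `known` suppresses the new-country alert but not the impossible-travel one, which is the property you want from a baseline that an attacker might have polluted.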

Just in time for my next Statistics class. Also, I'm noting this type of display more frequently – there must be tools that make this a much simpler process than it used to be.

BLS: New Data Access Tool Quarterly Census of Employment and Wages - State and county map application

"The Bureau of Labor Statistics (BLS) has developed an interactive state and county map application available at beta.bls.gov. The application displays geographic economic data through maps, charts, and tables, allowing users to explore employment and wage data of private industry at the National, State, and county level. Throughout this application, URLs are specific to the data displayed, so links can be bookmarked, reused, and shared. The application includes maps, charts, tables, and a link to standard BLS data tables and graphs."

While I was testing UseKit I found myself thinking, “Boy, this is a bit like a Swiss Army knife for the Internet”. And I wouldn’t be surprised if most people who test it out feel exactly like that at the end of the trial.

UseKit can not be termed “a tool”; it is “a collection of tools” that are not necessarily interconnected, but they do have one common denominator: they all make for increasing your productivity when it comes to accessing and processing information found online.

For starters, UseKit will let you capture information via a provided bookmarklet, and once you have retrieved it you can proceed to share it with whomever you want. Besides, you will be capable of using sticky notes and a virtual highlighter in order to further capture information without having to leave the page that you are viewing.

In order to give UseKit a try, all that you need to do is drag and drop the provided bookmarklet into position. Upon doing so, the UseKit toolbar will become visible. And note that you can actually personalize it in order to make it fully accommodate your needs.

[From the website:

No installation required. Register it's free.

Another multi-tool, including Bibliography creator! Includes a Teacher's Guide

YoLink is a free service that helps students refine their web searches and easily bookmark their findings in Diigo and EasyBib. YoLink also integrates with Google Docs accounts so that users can quickly move the content they bookmark in YoLink into a document. YoLink is a plug-in for Firefox and Chrome.

I've linked to several of these videos for my Math classes. Better than most Math videos!

Wednesday, June 30, 2010

It is increasingly difficult to believe that hospitals and their supporting contractors have never heard of encryption or security/privacy 'best practices.' I'd think by now that contractors would want to charge extra to handle unencrypted data – at least enough to insure against the cost of a breach.

New York’s Lincoln Medical and Mental Health Center is notifying patients that their personal information may have been compromised after seven CDs full of unencrypted data were FedExed by a hospital contractor and then lost in transit.

The CDs were sent by the hospital’s billing processor, Siemens Medical Solutions USA, around March 16, but never arrived at their intended destination. They included sensitive health and personal information including Social Security numbers, addresses, dates of birth, health plan numbers, driver’s license numbers and even descriptions of medical procedures, the hospital said on a note posted to its Web site.

That’s what the American Civil Liberties Union concluded Tuesday with a report chronicling government spying and the detention of groups and individuals “for doing little more than peacefully exercising their First Amendment rights.”

If you have checked in with Foursquare in San Francisco in the last three weeks, Jesper Andersen probably knows where and when — even if you’ve set your check-ins to be published to friends only.

Andersen, a coder who recently built a service called Avoidr that helps you avoid social network “friends” you don’t really like, figured out that Foursquare had a privacy leak because of how it published user check-ins on web pages for each location.

“How dare you make it easy for our customers to leave!” (Implications for Cloud Computing)

Well that didn’t take long. Halfway into their big 15 importers in 15 days campaign, Posterous has managed to make one of their competitors very angry. Twitpic is so angry, in fact, that they’re blocking the service and threatening legal action.

This morning, Posterous introduced their new “Rescue your photos from TwitPic” tool — a one-click way to import your photos from Twitpic over to your Posterous blog. This is the same type of importer Posterous has already made for Ning, Vox, Tumblr and a host of other services.

"US intellectual property law expert Jonathan Band has warned that Silicon Valley's search engines, hosting companies, and e-commerce giants have much to fear from the Anti-Counterfeiting Trade Agreement, negotiations for which continued in Switzerland today. The fear for search engines in particular is the erosion of 'fair use' protections and introduction of statutory damages, both of which could lead to more copyright claims from rights holders."

The article links a marked-up ACTA draft (PDF) that Band and a coalition of library organizations and rights groups believe is more balanced. Quoting Band: "Our high-level concern is that ACTA does not reflect the balance in US IP law, [which] contains strong protections and strong exceptions. ACTA exports only the strong protections, but not the strong exceptions."

Using the “Streisand effect,” deliberately or not. What would cause an “automatic” deletion?

This morning, there was some ruckus on the Web when Facebook seemingly flat out deleted the Boycott BP page, which has amassed some 734,000 ‘fans’ on the social network so far.

… Following multiple reports on the Web about the mysterious apparent removal of the page and its return, we contacted Facebook to learn what happened exactly. Moments ago, the company provided us with an official statement on the matter, which remains quite vague but at least acknowledges there was no malicious intent involved, let alone a conscious decision by someone at Facebook to shut the page down:

“The admin profile of the Boycott BP Page was disabled by our automated systems therefore removing all the content that had been created by the profile. After a manual review we determined the profile was removed in error and it has now been restored along with the Page.”

Asked what triggered the automated systems to flag said profile in the first place, Facebook declined to go into detail because it fears people knowing about how their systems work will “weaken their effectiveness”.

(Related) Perhaps extreme language and an argumentative stand isn't the best way to win friends and influence people?

"After ASCAP declared war on free culture and Creative Commons responded on the incident, the war of words is escalating. Drew Wilson of ZeroPaid has been following this story closely. The EFF responded to the ASCAP letter, saying 'we don't think that ASCAP characterized EFF and its work accurately. We believe that artists should be compensated for their work, and one proposal we have for that is Voluntary Collective Licensing.' The response from the EFF came with a study and a letter written by one irate ASCAP member who donated to the EFF and to Public Knowledge as a result of the ASCAP letter. Public Knowledge also responded to the letter, saying 'It's obvious that the characterization of Public Knowledge is false. Public Knowledge advocates for balanced copyright and an open Internet that empowers creators and the public. What we oppose are overreaching policies proposed by large corporate copyright holders that punish lawful users of technology and copyrighted works.' Now the National Music Publishers Association has weighed in to support ASCAP, saying that organizations like Public Knowledge and the EFF 'have an extremist radical anti-copyright agenda' according to a transcript of a speech posted on Billboard. Public Knowledge has dismissed those allegations, saying 'anybody who has spent more than 5 minutes on our website or talking to our staff knows that these things are not true.'"

I'm in my local library at least twice a week and probably on their website weekly too.

"For academic librarians seeking to demonstrate the value of their libraries to their parent institutions, it is important to understand not only the current climate. We must also know what will be valued in the future so that we can begin to take appropriate action now. This document presents 26 possible scenarios based on an implications assessment of current trends, which may have an impact on all types of academic and research libraries over the next 15 years. The scenarios represent themes relating to academic culture, demographics, distance education, funding, globalization, infrastructure/facilities, libraries, political climate, publishing industry, societal values, students/learning, and technology."

"It is shockingly easy to gain access to an AT&T customer's voicemail using caller ID spoofing techniques. What's worse is that AT&T knows about it. On your Android phone, download one of the two caller ID spoofing programs. Input the number of your target as the destination number and then enter the same number as the spoofed caller ID. Then connect your call. If the target has not added a voicemail password (the default is no password), you will be dropped into a random menu of their voicemail and eventually can drill up or down to get what you want. You can change greetings, erase messages, send voicemails out of the target account, and much more. How many politicians up in arms about Google Wi-Fi sniffing will want to know more about this?"

One of the Statistical tests I think my students must master. Think of it as an “Is this Bull?” test.

jamie found a story up on Daily Kos revealing that the polling firm they had contracted with for 18 months, Research 2000 or R2K, apparently made up or at least manually tweaked its polling results. The blog published a preliminary report by a team of statistics gurus (Mark Grebner, Michael Weissman, and Jonathan Weissman), and it is an exemplar of clarity and concision. The team reports, "We do not know exactly how the weekly R2K results were created, but we are confident they could not accurately describe random polls." Daily Kos will be filing a lawsuit against its former pollster.

"For the past year and a half, Daily Kos has been featuring weekly poll results from the Research 2000 (R2K) organization. These polls were often praised for their 'transparency,' since they included detailed cross-tabs on sub-populations and a clear description of the random dialing technique. However, on June 6, 2010, FiveThirtyEight.com rated R2K as among the least accurate pollsters in predicting election results. Daily Kos then terminated the relationship. One of us (MG) wondered if odd patterns he had noticed in R2K's reports might be connected with R2K's mediocre track record, prompting our investigation of whether the reports could represent proper random polling. ... This posting is a careful initial report of our findings, not intended to be a full formal analysis but rather to alert people not to rely on R2K's results."

For my students who don't like to read? Now they can listen to my blog on their cellphones while driving to class.

… BlogRadio is a great tool that takes your RSS feeds and converts them to audio speech so you can listen to them instead of reading them.

You can choose between an almost natural male or female voice and even listen to the feeds on your smart phone. Moreover, everything is stored in the cloud so you get unlimited storage. This desktop tool works on Windows, Mac as well as Linux. You can control your audio files and even see pictures included in the RSS feeds. The desktop client is automatically updated every time you launch it.

… There are ... times where I need to open a link in a new browser window like in Internet Explorer, or if I need to test a website for usability, I might need to test a page in several different browsers.

In the past you would open a link in a new browser window by opening the browser and browsing to the page you need to test or you could fire up a tool like Browsershots that we have previously profiled. But what if you want an easy way to tell Firefox to open that link in a different browser? Well now you can with a Firefox extension called Open With.

Tuesday, June 29, 2010

The latest revelations on the Anthem/Wellpoint breach raise some questions for this blogger.

Matthew Sturdevant reports that the recently disclosed Anthem breach may affect many more than the 230,000 recently reported:

An online security breach put at risk the personal, financial and medical information of 470,000 WellPoint customers nationwide, including 5,600 in Connecticut, customers are learning this week in notification letters from the company.

The breach only affects those who used the company’s Web portal to apply for individual-market health insurance through WellPoint subsidiaries, mostly Anthem Blue Cross or Anthem Blue Cross and Blue Shield, in 10 states. It doesn’t affect those who have group-based insurance through WellPoint or Anthem, such as plans offered through an employer, union or some other organization.

BUT: A commenter on a previous thread on PHIprivacy.net had noted that they got the letter and were not an applicant but an existing customer, so there is still some question in my mind as to exactly who was affected.

In October, WellPoint hired a computer company to update security on its online application process, but the work left a flaw that allowed some to tinker with the system and see other people’s applications, said WellPoint spokesman Cindy Sanders.

Somewhat disturbingly, it seems that after a customer discovered the problem after the upgrade, she got a lawyer and filed suit. But did she ever notify the company so that they could secure the database or did she and her lawyer just file suit? The news story reports:

The company learned of the security flaw in March when it received a subpoena for a lawsuit seeking class-action status in a California court, Sanders said. The security flaws were fixed in March. An internal WellPoint investigation discovered that the information was accessed by fewer than 10 unidentified computers [It only takes one! Bob] — someone other than the health insurer’s employees and affiliates.

Wellpoint had a major breach back in 2008 that had been exposed by PogoWasRight.org where data were seemingly left with inadequate security for over a year, even after a customer reported the problem to them and even after they had supposedly secured the database. In that case, and this one, the contractor responsible for the security was not named. Was it the same one? The current breach exposed a lot of sensitive data:

Those who hacked into the system could have seen applications, which include a person’s name, Social Security number, credit card information, health information and medical history. Besides Connecticut, the breach affected Anthem and WellPoint customers in California, Colorado, Indiana, Kentucky, Missouri, Nevada, New Hampshire, Ohio and Wisconsin.

The Associated Press reports that a London, Ontario teen has been charged with hacking into a server in Colorado. Canadian police reportedly acted on a complaint from the sheriff’s department in Castle Rock, Colo.

Police say the complaint involved unauthorized access and damage to a private server that contained sensitive data, including tax records.

Which can of worms should we discuss? We have the “I don't know how to secure Facebook” can, the “What terms and conditions?” can and the “Is failure to opt out the same as opting in?” can.

SEO and privacy experts have raised questions about a feature in Google’s Analytics Dashboard that allows website operators to find information on individuals who have linked to their site through social media sites such as Facebook and Twitter.

The Google Analytics tool, highlighted by SEO expert and SmartCompany blogger Chris Thomas in his blog today, allows websites to track who has linked back to their site. While most of these links come from blogs and websites, a significant number now come from Facebook profiles where users have shared a link with their friends.

As a result, not only can websites identify the Facebook and Twitter profile names who have visited their site, they can identify the specific pages those users have linked. Additionally, websites can then potentially visit these Facebook or Twitter profiles and gather further information, including potentially personal details.

Read more on SmartCompany. So far, they seem to be the only ones raising this as a privacy concern. Chris Thomas cites Google Analytics’ T&C:

7. PRIVACY. You will not (and will not allow any third party to) use the Service to track or collect personally identifiable information of Internet users, nor will You (or will You allow any third party to) associate any data gathered from Your website(s) (or such third parties’ website(s)) with any personally identifying information from any source as part of Your use (or such third parties’ use) of the Service. You will have and abide by an appropriate privacy policy and will comply with all applicable laws relating to the collection of information from visitors to Your websites. You must post a privacy policy and that policy must provide notice of your use of a cookie that collects anonymous traffic data.
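The profile names show up because a visitor who clicks a link on their own Facebook or Twitter page arrives carrying that page's URL as the HTTP referrer, and analytics stores it verbatim. One defensive response, consistent with clause 7 above, is to cut social-network referrers down to the host before they are stored and to audit what is already stored. The following is an added example (not SmartCompany's or Google's code); the host list and the sample referrer values are constructed for illustration.

```python
"""Referrer scrubbing so social-media visits are counted by site, not by person."""
from urllib.parse import urlsplit, urlunsplit

# Hosts whose URL path usually names an individual account.
# Constructed list; extend it for your own deployment.
PROFILE_HOSTS = {"facebook.com", "twitter.com"}


def _is_profile_host(host: str) -> bool:
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in PROFILE_HOSTS)


def scrub_referrer(referrer: str) -> str:
    """Reduce a social-network referrer to scheme and host only.

    Other referrers keep their path but lose query string and fragment,
    which commonly carry session tokens or tracking parameters.
    Empty or unparseable input becomes the empty string.
    """
    if not referrer:
        return ""
    parts = urlsplit(referrer)
    if not parts.scheme or not parts.netloc:
        return ""  # not a URL we can reason about; do not store it
    host = parts.hostname or ""
    if _is_profile_host(host):
        return urlunsplit((parts.scheme, host, "/", "", ""))
    return urlunsplit((parts.scheme, host, parts.path, "", ""))


def find_unscrubbed(records):
    """Return stored referrer values that still point at an individual profile."""
    flagged = []
    for rec in records:
        parts = urlsplit(rec)
        if _is_profile_host(parts.hostname or "") and parts.path not in ("", "/"):
            flagged.append(rec)
    return flagged


# Constructed sample of referrer values as an analytics store might hold them.
SAMPLE_REFERRERS = [
    "http://www.facebook.com/some.person.name",
    "http://twitter.com/someuser/status/12345",
    "http://blog.example.net/posts/review?utm_source=x",
    "",
]
```

Running `find_unscrubbed` over the raw sample flags the two profile referrers; after `scrub_referrer` it flags nothing, while the blog referrer still records which page sent the visitor.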

An amusing debate topic: Ignorance of technology is similar to ignorance of the law.

The justice minister of Germany expressed concern on Monday over Apple’s practice of compiling data on users of its new iPhone, making the company the latest technology giant to fall afoul of the country’s strict privacy laws.

[...]

The justice minister, Sabine Leutheusser-Schnarrenberger, asked Apple to tell state data protection officials about the kind of data the company was gathering on individual iPhone users in Germany. The company is also being asked to outline how long the data is being stored and for what purpose.

"While SSL certs are widely used on the Internet today, a new study from Qualys, set to be officially released at Black Hat in July, is going to show some shocking statistics. Among the findings in the study is that only 3% of SSL certs in use were actually properly configured. Quoting: '"So we have about 22 million SSL servers with certificates that are completely invalid because they do not match the domain name on which they reside," Ivan Ristic, director of engineering at Qualys, said.'"
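The mismatch Ristic describes is the name check a client performs after the chain validates: the hostname it connected to must equal one of the certificate's DNS names, or match a wildcard under the restrictive rules browsers apply. As an added example (not Qualys's code), here is that check, with a constructed certificate of the kind shared-hosting providers serve on every customer domain.

```python
"""Does a certificate's name set cover the hostname that was connected to?"""


def _name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name (possibly a wildcard) against a hostname.

    Conservative reading of RFC 6125 section 6.4.3, as browsers apply it:
    the wildcard must be the entire leftmost label, it never matches a dot,
    and it needs at least two further labels, so '*.com' covers nothing.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False  # partial-label or too-broad wildcard: reject outright
    if len(p_labels) != len(h_labels):
        return False  # '*.example.com' must not cover 'a.b.example.com'
    return p_labels[1:] == h_labels[1:]


def cert_matches_hostname(san_dns_names, common_name, hostname) -> bool:
    """Subject Alternative Names win; the CN is a fallback only when no DNS SAN exists."""
    names = list(san_dns_names) if san_dns_names else [common_name]
    return any(_name_matches(n, hostname) for n in names)


# Constructed example: a provider's wildcard certificate served unchanged on a
# customer's own domain, which is one common way a site ends up in the
# "does not match the domain name" count.
SHARED_HOST_CERT = {
    "san": ["*.hostingprovider.example", "hostingprovider.example"],
    "cn": "*.hostingprovider.example",
}


def check(cert, hostname) -> bool:
    return cert_matches_hostname(cert["san"], cert["cn"], hostname)
```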

(Related) Just plain ignorance? I haven't seen the creation of a false Facebook (or other tool) trail to “prove” innocence or provide an alibi, but some TV show will think of it...

"A lot of Facebook users going through divorces have learned a very costly lesson about their privacy settings. In fact, for many of them their Facebook pages helped lead to the divorce in the first place. More than 80% of the members of the American Academy of Matrimonial Lawyers say they've used or run into evidence gathered from Facebook and other social networking sites over the last five years — and some of them have some very entertaining stories to tell. 'Facebook is the unrivaled leader for turning virtual reality into real-life divorce drama,' said AAML's president."

Doctors are threatening to boycott the NHS’s electronic patient database amid fears of security breaches. Plans to upload all personal medical records on to a centrally-stored network have been met by controversy since they were announced by the last Government.

Now GPs in the North East are fighting the proposals by saying they will not allow their own or their families’ records to be included.

A survey in Sunderland, South Tyneside and Gateshead asked doctors and practice managers to consider whether they would become part of the Summary Care Record. Of the 152 who responded, 74 per cent said they would not allow their own medical data to be uploaded and 70 per cent said they would not permit either their own or their families’ records to be uploaded.

Fears were raised that medical records would no longer be confidential, and could result in a “gross invasion of privacy”.

The SCR database has been plagued with such concerns from the get-go. Do they need to go back to the drawing board?

Basic Legal Research on the Internet: This article explores the corner of the Internet landscape that concentrates on legal research. For the most part, these databases and search tools are free, although some might require a library card. Essentially, this is a short list of "go to" sites that most researchers will find useful. Before delving in, author Ken Strutin also examines a few time tested research concepts for the Internet age.

I'm going to start collecting these for my Risk Analysis class. Small businesses that do electronic banking shouldn't keep more in their accounts than they are willing to lose. And banks need to develop better procedures!

A California escrow firm has been forced to take out a pricey loan to pay back $465,000 that was stolen when hackers hijacked the company’s online bank account earlier this year.

In March, computer criminals broke into the network of Redondo Beach based Village View Escrow Inc. and sent 26 consecutive wire transfers to 20 individuals around the world who had no legitimate business with the firm.

Fung backs up his statement with the argument that keywords such as ‘10’, ‘21’, ‘Birth’, ‘Cars’, ‘Dad’, ‘Dave’, ‘Firefox’ and ‘Soldier’ would result in significant collateral damage with a keyword filter. It might make movie titles unavailable, but also a lot of public domain, GPL and Creative Commons works.

For my Statistics class. If you do not include cell phones, what are you missing? The demographics of cell phone users vs. landline users are strange to say the least.

Pew Report: Assessing the Cell Phone Challenge to Survey Research in 2010

Assessing the Cell Phone Challenge to Survey Research in 2010: "One-in-four U.S. households now have no landline telephone, considerably more than in the early 1960s when telephone surveys were considered infeasible because so many households were unreachable by telephone. Unlike the 1960s, however, most of those without a landline today do have telephone service, in the form of one or more cell phones. Very few households, according to government estimates, cannot be reached at all by telephone. Yet pollsters and other survey researchers who use the telephone as the principal means of reaching potential respondents face a difficult decision as to whether to include cell phones in their samples. Doing so adds significantly to the cost and complexity of conducting surveys at a time when respondent cooperation is becoming increasingly difficult to obtain."

Some of my students like these, some find them amateurish, some didn't bother to look. I think they are a brilliant, simple example of what could be done.

"Working from the comfort of his home, Salman Khan has made available over fifteen hundred mini-lectures to educate the world. Subjects range from math and physics to finance, biology, and current economics. Khan Academy amounts to little more than a YouTube channel and one very, very devoted man. He is trying to provide education in the way he wished he had been taught. With over 100,000 video views a day, the man is definitely making a measurable difference for many students young and old. In his FAQ he explains how he knows he is being effective. What will probably ensure his popularity (and provide a legacy surpassing that of the most highly-paid educators) is that everything is licensed under Creative Commons 3.0. He only needs his time, a $200 Camtasia Recorder, an $80 Wacom Bamboo Tablet, and a free copy of SmoothDraw3. While the lecturing may not be quite up to the Feynman level, it's a great augmenter for advanced learners, and a lifeline for those without much access to learning resources."

Tools & Techniques. Scanning a document creates an image file. This online tool could save the time it takes to type in the text you can see but your word processor can't handle.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.